FBI Works to Expand Court Authority for Its Offensive Cyber Operations
by Anthony W. Accurso
The FBI’s effort to disable an army of zombie computers being used for cyber-crime is pretty mediagenic, but it is the latest step in the DOJ’s plan to render jurisdictional limits on law enforcement power obsolete.
For the last two decades or so, the internet has risen to prominence to be the hub for nearly all commerce and communications around the globe, and criminals have been adapting to this new operating environment, coming up with unique and clever ways to gain the upper hand.
Though viruses have been around since before the internet, having billions of devices connected to the internet has allowed hackers to create networks of infected computers, all joined together to serve the same purpose and controlled by a central server. Such networks are called “botnets,” and these can accomplish various tasks such as sending spam emails, conducting denial of service attacks to shut down legitimate servers, or scanning for other computers to distribute the virus.
One such network called “Qakbot,” consisting of around 700,000 infected computers, became the latest target for the FBI’s cybercrime division. After getting permission from a U.S. District Court, the FBI hacked Qakbot’s central server and forced it to send an update to the network, disabling the viral code that enslaved the zombie machines without their owners’ knowledge.
Put another way though, the FBI created custom software that they deployed to hundreds of thousands of computers without the consent of the owners but with the blessing of a federal court. And according to an FBI official who spoke to NBC News under the condition of anonymity, “[v]ictims will not be notified that their devices had been fixed or that they had ever been compromised.” This hacking was done without regard to jurisdiction, as the FBI had no idea where the 700,000 computers were located. The court essentially authorized the FBI to hack computers all over the planet.
This is not the first time such a thing has happened. In 2014, the FBI got a magistrate judge in the Eastern District of Virginia to authorize a search of a server in an unknown location that they said was distributing child pornography. They took over the server and, instead of shutting it down, used it to distribute malware to thousands of computers with the intent to identify and prosecute visitors to the site (while continuing to distribute 10 times as much illegal content as the site was distributing before the government seizure).
After defendants brought challenges to the magistrate’s authority to grant such a search warrant spanning the globe, the DOJ lobbied to have the rule governing search warrants changed. Rule 41 of the Federal Rules of Criminal Procedure was modified in 2016 to allow “a magistrate judge with authority in any district where activities related to a crime may have occurred” may issue a remote search warrant when “the district where the [computer] is located has been concealed through technological means.” Rule 41(b)(6)(a).
Taking down the Qakbot network advances the FBI’s long-term goal to project their offensive capabilities into any computer on the planet that it deems to have engaged in criminal behavior, regardless of its location. Though Rule 41(f) requires the FBI to notify anyone affected by the warrant, it simply submitted “6.4 million email accounts tied to Qakbot” to a web service “Have I Been Pwned” as a nod to this requirement.
The purpose of disclosure under Rule 41 is to allow any party subject to a search to challenge the constitutionality of that search in court. This purported accountability is intended to keep law enforcement honest by empowering U.S. District Courts and Courts of Appeals to review the legality of such actions. But given that no real effort to identify affected users was made, nobody will be able to challenge the warrant. This was likely by design, as it would be difficult for the FBI to justify to a reviewing court that it had “particularly describ[ed] the place to be searched, and the persons or things to be seized,” as is required by the U.S. Constitution’s Fourth Amendment.
Eventually though, in some future case where the FBI hacks some unsuspecting user who actually discovers the breach and links it back to a specific warrant, the FBI will then seek to justify the breach by pointing to a line of warrants authorizing such activity, including this one that targeted Qakbot.
Given the sheer number of compromised computers participating in botnets, the elimination of Qakbot will result in negligible benefits to the American people, who are forced to watch as the FBI erodes constitutional protections.
“It’s inarguable that disrupting botnets is a public good,” wrote Tim Cushing for Techdirt.com. “But it is inarguable that disruption should occur by any means necessary … or, at least, any means convenient.”
Sources: NBCNews.com, techdirt.com
As a digital subscriber to Criminal Legal News, you can access full text and downloads for this and other premium content.
Already a subscriber? Login
